Data breaches raise new concerns about Australia’s e-health record

There have been calls for another stay on the roll out of Australia’s troubled My Health Record digital patient data scheme after figures revealed an increase in the number of data breaches.

The Sydney Morning Herald reported that the system sustained 42 data breaches last financial year, just as the country’s government struggled to convince people not to opt-out of the system.

My Health Record has been roundly criticised as it is based around an “opt-out” principle, and as the project developed there were serious concerns about what the information could be used for and who could see it.

There were worries that other government departments may be able to access the records – although researchers and public health officials can only access de-identified data from the system.

Critics also fear hackers could use the system to identify sensitive information, and that private companies could use the records for commercial gain.

The latest figures from the 2017-2018 financial year were an increase compared with the 35 data breaches reported in 2016-2017 reporting period, according to Australian Digital Health Agency figures cited by the newspaper’s website.

One breach reportedly occurred after a child was mistakenly given parental authorisation to view a record, 24 came from suspected cases of Medicare fraud, and 17 were due to records being accidentally used by two or more individuals.

Around six million Australians are in the database, according to the newspaper, and this is expected to increase by about 17 million when the opt-out period ends on January 31.

By the end of October, 1.1 million people had opted out of the scheme and the deadline to do so was pushed back because of the concerns.

The opposition Labor party has called for the system to be reviewed by Australia’s Privacy Commissioner before its final roll-out.

Labor’s health spokesperson said: “The government continues to botch this important reform and must heed Labor’s call for an independent review of privacy provisions.”

A spokesperson for the Australian Digital Health Agency told the website: “There have been no reported unauthorised views of a person’s health information in My Health Record in the six years of its operations.

“Errors of this type occur due to either alleged fraudulent Medicare claims or manual human processing errors, as was the case for breaches reported during the 2017-2018 financial year.”